lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 3 Nov 2011 22:17:48 +0000
From:	Nick Carter <ncarter100@...il.com>
To:	Ed Swierk <eswierk@...switch.com>
Cc:	shemminger@...tta.com, davem@...emloft.net, netdev@...r.kernel.org
Subject: Re: bridge: allow forwarding LLDP frames

On 17 October 2011 19:12, Ed Swierk <eswierk@...switch.com> wrote:
> LLDP frames have reserved destination MAC address 01-80-C2-00-00-0E,
> which by default are not forwarded by 802.1d-compliant bridges.
>
> In certain situations, like when creating a transparent link-layer
> relay between a pair of interfaces, it may be useful to configure a
> bridge interface to forward LLDP and other control frames in the
> 01-80-C2-00-00-xx range rather than filtering them.
>
> Stephen Hemminger's recent patch allows the user to set a sysfs
> attribute /sys/class/net/brX/bridge/group_fwd_mask to enable
> forwarding of normally filtered addresses, with certain exceptions.
> This patch eliminates the restriction on LLDP frames, allowing the
> user to override the default behavior of filtering them.

The reason the group fwd mask was introduced was to make the bridge
forward link local group addresses.  This is non standards based
behaviour.  The point of the group fwd mask is so that users can have
non standard bridging behaviour.

I don't understand why the recent commit includes blocking the user
from choosing to forward certain groups because it breaks standards ?
The default mask of 0 is standards based behaviour.  If the user sets
it to anything other than 0 then they want non standards based
behaviour.

In my view the behaviour now is very confusing for the user.  802.1X
is allowed to be forwarded but LLDP forwarding is rejected ?

The group fwd mask should be allowed to be set to any value.  This
would give flexible and predictable behaviour to the user.

I think we should assume users know the behaviour they require and
BR_GROUPFWD_RESTRICTED should be removed from the codebase.

Nick

>
> Signed-off-by: Ed Swierk <eswierk@...switch.com>
>
> ---
>
> diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h
> index a248fe6..b016dd8 100644
> --- a/net/bridge/br_private.h
> +++ b/net/bridge/br_private.h
> @@ -31,8 +31,8 @@
>
>  /* Control of forwarding link local multicast */
>  #define BR_GROUPFWD_DEFAULT    0
> -/* Don't allow forwarding control protocols like STP and LLDP */
> -#define BR_GROUPFWD_RESTRICTED 0x4007u
> +/* Don't allow forwarding control protocols like STP */
> +#define BR_GROUPFWD_RESTRICTED 0x0007u
>
>  /* Path to usermode spanning tree program */
>  #define BR_STP_PROG    "/sbin/bridge-stp"
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ